We've been reselling SSL certs for ages, with an appropriate markup to compensate us for all the mucking around with buying, installing, troubleshooting when it goes wrong, etc.

To be honest, I'm not bothered by the loss of markup income that we got from the above. I'm a big supporter of anything the makes the whole process less painful for us, and more economical ($0!) to our clients.

Given that various providers are still trying to sell their SSL certificates... what should I advise my clients about whether they should consider a paid SSL or not? I've no doubt that the fast majority of our clients will be very happy to have free SSL certs from now on. But some larger clients (corporates and government departments) might distrust the "free" thing when it comes to matters of security.

The only argument against $0 Let's Encypt SSL certs that I've found so far is that, unlike the Comodos and GeoTrusts of this world, Let's Encrypt don't offer any sort of warranty or insurance in the event that the encryption is broken or otherwise flawed. If that's the only argument against Let's Encrypt, then it's not good enough IMHO.

Can anyone else offer up any reasons why come website owners should validly consider paying for their SSL cert in the future?

There's different levels of SSL (as I'm sure you know), different warranty grades, different lengths of renewal time, and different levels of compatibility. And they don't support wildcard SSL. Some older browsers don't support them, but that's not that big of an issue.

The SSL market has always been a funny playing field regarding pricing, but whether or not somebody needs a $10,000,000 warranty or not is a different story.

I'm perfectly content with my free SSLs from them, but it's not enough for all purposes (enough for all of mine though).

Staff Member

The only additional reason I've seen presented for paying for a DV SSL is the length of time the SSL is valid (1 yr vs 90 days). Beyond that, I think paying for DV SSLs isn't going to be something folks will be convinced to do, once they learn that there are free ones available. The need for EV, Wildcard, and OV certs will all still be reasons to pay, and I feel like the people who need those levels of SSL will be willing to pay for them.

In terms of Wildcard SSLs..... I think you'd have to have a huge number of sub-domains to make this a good enough reason in it's own right, and/or the domains and sub-domains you want an SSL cert for are spread over a number of different servers.

Speaking from our own perspective, historically we've recommended wildcard SSL certs to our clients just because, at a minimum, it allows us to have a valid SSL cert to work with dev. and test. sub-domain versions of their websites. So although I read that "Let's Encrypt" doesn't provide wildcard SSL certs, it does (I observe) issue SSL certs for properly configured sub-domains on the same hosting account. So in our particular use case, free Let's Encrypt SSL certs are covering all our needs, including sub-domains. Sweet!

In terms of Wildcard SSLs..... I think you'd have to have a huge number of sub-domains to make this a good enough reason in it's own right, and/or the domains and sub-domains you want an SSL cert for are spread over a number of different servers.

Speaking from our own perspective, historically we've recommended wildcard SSL certs to our clients just because, at a minimum, it allows us to have a valid SSL cert to work with dev. and test. sub-domain versions of their websites. So although I read that "Let's Encrypt" doesn't provide wildcard SSL certs, it does (I observe) issue SSL certs for properly configured sub-domains on the same hosting account. So in our particular use case, free Let's Encrypt SSL certs are covering all our needs, including sub-domains. Sweet!

Click to expand...

Yeah, it does everything I need also. But some people actually need real wildcard certs. There is a limitation as to how many domains (including the subdomains) that be included within a specific time period, but as long as you're working within those limits it's all good. They list the limits on their site somewhere.

Many of my clients have federated services for their Windows machines that have to link up with major corporations/services. So, while they don't require much of a cert to get it done, they greatly benefit from OV wildcard certs - some partners do require them. Particularly due to the process of updating, I recommend 5 year certs. And, as @cPanelBenny surmised, they don't mind paying for them.